- October 8, 2018 at 6:14 pm
When configuring VitalPBX to use a LetsEncrypt certificate, it doesn’t appear to work properly. I still get an SSL error when navigating to the portal. Also the info is wrong.
I manually created an SSL cert using certbot (letsencrypt), then created a symbolic link to the letsencrypt cert and linked it to the appropriate directory; so my vitalpbx.conf httpd file does not point to certs in /etc/.. for security reasons. I manually modified the /etc/httpd/conf../vitalpbx.conf to have the .pem file location. Works beautifully.
However, when any updates or modifications are made to HTTP settings or firewall settings with the VitalPBX webUI, it recreates the httpd.conf file and it breaks HTTPD (fails to start because certs not found). So I have to manually edit the config again, or copy back the known good.
Is there a workaround for this?
Also when using SSL – the dashboard is blank. Is this a Firefox/Safari issue?
- October 9, 2018 at 12:07 am
We have our demo server with Let’s encrypt (https://demo.vitalpbx.org/), the certificate was generated from the GUI without any issue.
You may check if the certificates folder under /usr/share/ombutel has been created with the right owner, group and permissions.
Owner and Group: apache
- October 9, 2018 at 3:20 pm
- October 10, 2018 at 1:01 pm
This is what happens when I try to use the built in LetsEncrypt certificate… I create it within
Admin >> Sys. Settings >> Certificates >> Lets Encrypt… save…
Admin >>> HTTP server >> Select cert, Save
and then I try and restart the httpd service. FAILS. The bundle.pem is empty.
This is 100% why I manually did certbot and created my own cert files and created symbolic links. But the vitalpbx.conf httpd file gets overwritten every time there are changes. So as long as I don't have to bounce the httpd service, the webUI works.
systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2018-10-10 08:57:19 EDT; 14s ago
Main PID: 19298 (code=exited, status=1/FAILURE)
Oct 10 08:57:19 sip-host.mydomain.com systemd: httpd.service failed.
Oct 10 08:57:19 sip-host.mydomain.com systemd: Starting The Apache HTTP Server…
Oct 10 08:57:19 sip-host.mydomain.com httpd: AH00526: Syntax error on line 26 of /etc/httpd/conf.d/vitalpbx.conf:
Oct 10 08:57:19 sip-host.mydomain.com httpd: SSLCertificateFile: file '/usr/share/ombutel/certificates/sip-host.mydomain.com/bundle.pem' does not exist or is empty
Oct 10 08:57:19 sip-host.mydomain.com systemd: httpd.service: main process exited, code=exited, status=1/FAILURE
Oct 10 08:57:19 sip-host.mydomain.com kill: kill: cannot find process ""
Oct 10 08:57:19 sip-host.mydomain.com systemd: httpd.service: control process exited, code=exited status=1
Oct 10 08:57:19 sip-host.mydomain.com systemd: Failed to start The Apache HTTP Server.
Oct 10 08:57:19 sip-host.mydomain.com systemd: Unit httpd.service entered failed state.
Oct 10 08:57:19 sip-host.mydomain.com systemd: httpd.service failed.
- October 10, 2018 at 1:15 pm
I recreated the symbolic links to be a 1:1 match with what the /etc/httpd/conf.d/vitalpbx.conf file has specified. This fixed the httpd restart issue. However, I did uncover a bug.
When using an SSL Certificate, any method, AND when the HTTP server port is changed from default :80 to ANY other web port, the Dashboard breaks and does not display stats. Soon as I change the system settings back to port :80 for HTTP, the dashboard works fine.
Can there be a fix for this? As I do NOT like to use :80 for HTTP on PBX server. When navigating to the HTTP site address, everything works fine. However, when another HTTP port is defined, the HTTP(S) dashboard is broken. This also breaks switchboard & fop2
- October 10, 2018 at 1:20 pm
- October 10, 2018 at 3:10 pm
Well, I have my /etc/letsencrypt/live/domain/.pem files symbolic linked to the proper files within /usr/share/ombutel/certificates/ in order to fix the SSL issue.
Now, within the webUI, when I select the LetsEncrypt cert I created: 1969-12-31
#### note: I’ve modified output for security.
ll /usr/share/ombutel/certificates/
drwx--S--- 2 apache apache 4096 Sep 25 23:14 _account
-rw-r--r-- 1 apache apache 164 Sep 26 16:28 ca.cfg
-rwxr-xr-x 1 apache apache 1720 Sep 26 16:28 ca.crt
-rwxr-xr-x 1 apache apache 3243 Sep 26 16:28 ca.key
drwxr-sr-x 2 root apache 4096 Oct 10 09:09 sip-host.domain.com
-rw-r--r-- 1 apache apache 244 Sep 26 16:30 sip-host.domain..com.cfg
-rwxr-xr-x 1 apache apache 1346 Sep 26 16:30 sip-host.domain.com.crt
-rwxr-xr-x 1 apache apache 725 Sep 26 16:30 sip-host.domain.com.csr
-rwxr-xr-x 1 apache apache 891 Sep 26 16:30 sip-host.domain.com.key
-rwxr-xr-x 1 apache apache 2237 Sep 26 16:30 sip-host.domain.com.pem
- October 11, 2018 at 1:39 pm
Ok – appears I’ve resolved my issue with the HTTPS certificate. Although, the internal webUI driven LetsEncrypt is still not working. But I was able to use my own generated certbot/letsencrypt cert and the dashboard is working along with everything else.
I just had to do a 1:1 map of filenames to match what is exactly in the /etc/httpd/conf.d/vitalpbx.conf file.
So my symbolic links from the letsencrypt .pem files are the same as what is called for within the vitalpbx.conf file… all is good and survives httpd restarts.
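The AH00526 failure in this thread ("does not exist or is empty") and the symlink mapping can be checked before httpd is restarted. The following is an added example, not part of any post and not VitalPBX code: a shell function that reads the SSL file directives from a config, follows symlinks, and reports missing, empty, or world-accessible key files. The function name and output labels are hypothetical; GNU readlink and stat are assumed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of the TLS file paths named in an Apache config.
# Prints one finding per line; return status is the number of findings (0 = clean).
check_tls_paths() {
    local conf=$1 findings=0 directive path target mode
    while read -r directive path _ || [ -n "$directive" ]; do
        case $directive in
            SSLCertificateFile|SSLCertificateKeyFile|SSLCertificateChainFile) ;;
            *) directive=; continue ;;
        esac
        path=${path%\"}; path=${path#\"}        # strip optional double quotes
        # Resolve symlinks (e.g. links into /etc/letsencrypt/live/...)
        target=$(readlink -f -- "$path" 2>/dev/null) || target=
        if [ -z "$target" ] || [ ! -e "$target" ]; then
            echo "MISSING  $directive $path (no file or dangling link)"
            findings=$((findings + 1))
        elif [ ! -s "$target" ]; then
            # Same condition httpd reports as "does not exist or is empty"
            echo "EMPTY    $directive $path -> $target"
            findings=$((findings + 1))
        elif [ "$directive" = SSLCertificateKeyFile ]; then
            mode=$(stat -c '%a' -- "$target")
            case $mode in
                *0) ;;                          # no access for "other" users
                *)  echo "KEYPERM  $path -> $target has mode $mode"
                    findings=$((findings + 1)) ;;
            esac
        fi
        directive=
    done < "$conf"
    return "$findings"
}
```

Call it as check_tls_paths /etc/httpd/conf.d/vitalpbx.conf after the webUI has regenerated the file and before restarting httpd.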
- October 11, 2018 at 2:48 pm
To check why Let’s Encrypt is not working from the GUI, you may check the log files under: /var/log/vitalpbx/
Also you may check:
- If the www folder under /usr/share/ombutel has apache as owner and group
- Check if the www folder has the right permissions (755)
stat -c "%a %n" /usr/share/ombutel/www/